> I had been thinking a little about this when HL came out, glad it came
> up. Do games like Halflife that don't require a central server really
> *need* to be authenticated by a central server? In other words,
> instead of generating bogus or stealing legit serialz, you just disable
> the client-side registration code and/or spoof the confirmation of
> authentication from the central server. That would tend to break systems
> like Ultima Online, where a user merely runs a client, he doesn't host
> games, but in the Quake/HL model, would anything break? I've noticed that
> HL runs just fine without authenticating over a LAN-- no central server
> needed there. This technique might keep you off the WON, but not the net.

I think it's due to the current underground culture. As the traditional crackers went pro (many of the people who cracked games now work in the games industry), the new breed didn't understand how to do the more complex cracking (reverse engineering the copy protection). Instead, they focused on generating serial numbers. Call it a degradation of skills over time, if you will.

> And... why not pirate servers that perform whatever game administration
> is required? Can't be that tough to set up a server that listens to
> broadcasts and requests; I don't think WON has the market cornered there.
> And legitimate users could also set up proxies that re-serve the game
> listings coming off the WON. My guess is that folks join the game through
> direct connection anyway, so it really would be fairly trivial.

If the authentication server is hardcoded and obfuscated, it would be nearly impossible to change it. Some serious hacking of the TCP stack would be in order (if it addresses the auth server by IP only), and I'd expect most people who are capable of such would either a) be white-hat or b) be too 'leet to release it.

> I think it's premature to declare the warez scene dead.

The cracking scene died with the demo scene though... it was more about fame than piracy. Unfortunately, people started ignoring the skilled ones and just got the software. The incentive for inventive cracks is no longer there, so all that remains are the people who just do the piracy...

> Without actually looking at current implementations of this method in
> various games, my guess is that it's probably done badly.

There was a recent discussion about this on the Linux Game Developer list. Having 2 copies of the auth key, one which is MD5 encoded and well hidden, would make changing the addresses pretty tough.

Alas, most of the copy protection for games these days uses third party software. The traditional rivalry between the developers and the crackers is no longer there, so the developers don't have the input from the crackers.

A little bit of history for you: Some developers used to leave hidden messages in the code for the more well known crackers. In return for this fame, the crackers would help the developers improve the copy protection (so the cracker would have a greater challenge).

Mark 'Nurgle' Collins
===
Lead Author - Linux Game Programming
This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 14:05:00 PDT